b12f/nixpkgs
1
0
Fork 0
Code Issues Pull requests Packages Projects Releases Wiki Activity

Merge master into staging-next

Browse source
This commit is contained in:
github-actions[bot] 2021-12-04 18:01:05 +00:00 committed by GitHub
parent a3ef129c42 14895ade52
commit d4c54e7f61
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
32 changed files with 1000 additions and 555 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
doc/builders/images/dockertools.section.md
View file

@ -151,6 +151,12 @@ Create a Docker image with many of the store paths being on their own layer to i
: Shell commands to run while creating the archive for the final layer in a fakeroot environment. Unlike `extraCommands`, you can run `chown` to change the owners of the files in the archive, changing fakeroot's state instead of the real filesystem. The latter would require privileges that the build user does not have. Static binaries do not interact with the fakeroot environment. By default all files in the archive will be owned by root.
`enableFakechroot` _optional_
: Whether to run in `fakeRootCommands` in `fakechroot`, making programs behave as though `/` is the root of the image being created, while files in the Nix store are available as usual. This allows scripts that perform installation in `/` to work as expected. Considering that `fakechroot` is implemented via the same mechanism as `fakeroot`, the same caveats apply.
*Default:* `false`
### Behavior of `contents` in the final image {#dockerTools-buildLayeredImage-arg-contents}
Each path directly listed in `contents` will have a symlink in the root of the image.

1
nixos/modules/module-list.nix
View file

@ -898,6 +898,7 @@
./services/networking/unbound.nix
./services/networking/unifi.nix
./services/video/unifi-video.nix
./services/video/rtsp-simple-server.nix
./services/networking/v2ray.nix
./services/networking/vsftpd.nix
./services/networking/wasabibackend.nix

4
nixos/modules/services/networking/ddclient.nix
View file

@ -31,8 +31,8 @@ let
preStart = ''
install ${configFile} /run/${RuntimeDirectory}/ddclient.conf
${lib.optionalString (cfg.configFile == null) (if (cfg.passwordFile != null) then ''
password=$(head -n 1 ${cfg.passwordFile})
sed -i "s/^password=$/password=$password/" /run/${RuntimeDirectory}/ddclient.conf
password=$(printf "%q" "$(head -n 1 "${cfg.passwordFile}")")
sed -i "s|^password=$|password=$password|" /run/${RuntimeDirectory}/ddclient.conf
'' else ''
sed -i '/^password=$/d' /run/${RuntimeDirectory}/ddclient.conf
'')}

80
nixos/modules/services/video/rtsp-simple-server.nix Normal file
View file

@ -0,0 +1,80 @@
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.services.rtsp-simple-server;
package = pkgs.rtsp-simple-server;
format = pkgs.formats.yaml {};
in
{
options = {
services.rtsp-simple-server = {
enable = mkEnableOption "RTSP Simple Server";
settings = mkOption {
description = ''
Settings for rtsp-simple-server.
Read more at <link xlink:href="https://github.com/aler9/rtsp-simple-server/blob/main/rtsp-simple-server.yml"/>
'';
type = format.type;
default = {
logLevel = "info";
logDestinations = [
"stdout"
];
# we set this so when the user uses it, it just works (see LogsDirectory below). but it's not used by default.
logFile = "/var/log/rtsp-simple-server/rtsp-simple-server.log";
};
example = {
paths = {
cam = {
runOnInit = "ffmpeg -f v4l2 -i /dev/video0 -f rtsp rtsp://localhost:$RTSP_PORT/$RTSP_PATH";
runOnInitRestart = true;
};
};
};
};
env = mkOption {
type = with types; attrsOf anything;
description = "Extra environment variables for RTSP Simple Server";
default = {};
example = {
RTSP_CONFKEY = "mykey";
};
};
};
};
config = mkIf (cfg.enable) {
# NOTE: rtsp-simple-server watches this file and automatically reloads if it changes
environment.etc."rtsp-simple-server.yaml".source = format.generate "rtsp-simple-server.yaml" cfg.settings;
systemd.services.rtsp-simple-server = {
environment = cfg.env;
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
path = with pkgs; [
ffmpeg
];
serviceConfig = {
DynamicUser = true;
User = "rtsp-simple-server";
Group = "rtsp-simple-server";
LogsDirectory = "rtsp-simple-server";
# user likely may want to stream cameras, can't hurt to add video group
SupplementaryGroups = "video";
ExecStart = "${package}/bin/rtsp-simple-server /etc/rtsp-simple-server.yaml";
};
};
};
}

8
nixos/modules/services/web-apps/nextcloud.nix
View file

@ -153,7 +153,7 @@ in {
package = mkOption {
type = types.package;
description = "Which package to use for the Nextcloud instance.";
relatedPackages = [ "nextcloud21" "nextcloud22" ];
relatedPackages = [ "nextcloud21" "nextcloud22" "nextcloud23" ];
};
phpPackage = mkOption {
type = types.package;
@ -508,7 +508,7 @@ in {
config = mkIf cfg.enable (mkMerge [
{ warnings = let
latest = 22;
latest = 23;
upgradeWarning = major: nixos:
''
A legacy Nextcloud install (from before NixOS ${nixos}) may be installed.
@ -543,6 +543,7 @@ in {
'')
++ (optional (versionOlder cfg.package.version "21") (upgradeWarning 20 "21.05"))
++ (optional (versionOlder cfg.package.version "22") (upgradeWarning 21 "21.11"))
++ (optional (versionOlder cfg.package.version "23") (upgradeWarning 22 "22.05"))
++ (optional isUnsupportedMariadb ''
You seem to be using MariaDB at an unsupported version (i.e. at least 10.6)!
Please note that this isn't supported officially by Nextcloud. You can either
@ -573,7 +574,8 @@ in {
# nextcloud20 throws an eval-error because it's dropped).
else if versionOlder stateVersion "21.03" then nextcloud20
else if versionOlder stateVersion "21.11" then nextcloud21
else nextcloud22
else if versionOlder stateVersion "22.05" then nextcloud22
else nextcloud23
);
services.nextcloud.datadir = mkOptionDefault config.services.nextcloud.home;

2
nixos/modules/services/web-apps/nextcloud.xml
View file

@ -11,7 +11,7 @@
desktop client is packaged at <literal>pkgs.nextcloud-client</literal>.
</para>
<para>
The current default by NixOS is <package>nextcloud22</package> which is also the latest
The current default by NixOS is <package>nextcloud23</package> which is also the latest
major version available.
</para>
<section xml:id="module-services-nextcloud-basic-usage">

5
nixos/tests/docker-tools.nix
View file

@ -396,6 +396,11 @@ import ./make-test-python.nix ({ pkgs, ... }: {
"tar -tf ${examples.exportBash} | grep '\./bin/bash' > /dev/null"
)
with subtest("layered image fakeRootCommands with fakechroot works"):
docker.succeed("${examples.imageViaFakeChroot} | docker load")
docker.succeed("docker run --rm image-via-fake-chroot | grep -i hello")
docker.succeed("docker image rm image-via-fake-chroot:latest")
with subtest("Ensure bare paths in contents are loaded correctly"):
docker.succeed(
"docker load --input='${examples.build-image-with-path}'",

10
nixos/tests/nextcloud/default.nix
View file

@ -1,6 +1,6 @@
{ system ? builtins.currentSystem,
config ? {},
pkgs ? import ../../.. { inherit system config; }
{ system ? builtins.currentSystem
, config ? { }
, pkgs ? import ../../.. { inherit system config; }
}:
with pkgs.lib;
@ -17,5 +17,5 @@ foldl
nextcloudVersion = ver;
};
})
{}
[ 21 22 ]
{ }
[ 21 22 23 ]

16
pkgs/applications/editors/jetbrains/default.nix
View file

@ -281,12 +281,12 @@ in
idea-community = buildIdea rec {
name = "idea-community-${version}";
version = "2021.2.3"; /* updated by script */
version = "2021.3"; /* updated by script */
description = "Integrated Development Environment (IDE) by Jetbrains, community edition";
license = lib.licenses.asl20;
src = fetchurl {
url = "https://download.jetbrains.com/idea/ideaIC-${version}.tar.gz";
sha256 = "166rhssyizn40rlar7ym7gkwz2aawp58qqvrs60w3cwwvjvb0bjq"; /* updated by script */
sha256 = "0xrhgqbsyd2plzkkmy00bwsa8dk4ijszmhmbyn6c9ygl01zhji6y"; /* updated by script */
};
wmClass = "jetbrains-idea-ce";
update-channel = "IntelliJ IDEA RELEASE";
@ -294,12 +294,12 @@ in
idea-ultimate = buildIdea rec {
name = "idea-ultimate-${version}";
version = "2021.2.3"; /* updated by script */
version = "2021.3"; /* updated by script */
description = "Integrated Development Environment (IDE) by Jetbrains, requires paid license";
license = lib.licenses.unfree;
src = fetchurl {
url = "https://download.jetbrains.com/idea/ideaIU-${version}-no-jbr.tar.gz";
sha256 = "1d0kk2yydrbzvdy6dy9jqr182panidmbf2hy80gvi5ph2r5rv1qd"; /* updated by script */
sha256 = "0riwww75aizprb01c1sccprbr00ky5wgy5cxxjxqgm8v72rfnihb"; /* updated by script */
};
wmClass = "jetbrains-idea";
update-channel = "IntelliJ IDEA RELEASE";
@ -373,12 +373,12 @@ in
ruby-mine = buildRubyMine rec {
name = "ruby-mine-${version}";
version = "2021.2.3"; /* updated by script */
version = "2021.3"; /* updated by script */
description = "The Most Intelligent Ruby and Rails IDE";
license = lib.licenses.unfree;
src = fetchurl {
url = "https://download.jetbrains.com/ruby/RubyMine-${version}.tar.gz";
sha256 = "0bbq5ya1dxrgaqqqsc4in4rgv7v292hww3bb0vpzwz6dmc2jly1i"; /* updated by script */
sha256 = "1vmybxnwyv7wiv3clm857yvzlws0bcza01wx8jm0dbnrzq38dz4d"; /* updated by script */
};
wmClass = "jetbrains-rubymine";
update-channel = "RubyMine RELEASE";
@ -386,12 +386,12 @@ in
webstorm = buildWebStorm rec {
name = "webstorm-${version}";
version = "2021.2.3"; /* updated by script */
version = "2021.3"; /* updated by script */
description = "Professional IDE for Web and JavaScript development";
license = lib.licenses.unfree;
src = fetchurl {
url = "https://download.jetbrains.com/webstorm/WebStorm-${version}.tar.gz";
sha256 = "0d79x1jz4ymd6cc1n4s3y3n8lb6gw4g0yj6d4qzjlr5c9snx3zdf"; /* updated by script */
sha256 = "1llz97r95xrf7yixgbfipg153qikkxziwwhv9dvvi29v7pi1k4ys"; /* updated by script */
};
wmClass = "jetbrains-webstorm";
update-channel = "WebStorm RELEASE";

8
pkgs/applications/graphics/tev/default.nix
View file

@ -5,19 +5,19 @@
stdenv.mkDerivation rec {
pname = "tev";
version = "1.17";
version = "1.19";
src = fetchFromGitHub {
owner = "Tom94";
repo = pname;
rev = "v${version}";
fetchSubmodules = true;
sha256 = "12wsy2zdfhg0ygkpvz58rk86qiy259fi9grb0jxiz8zcyd6x1ngk";
sha256 = "sha256-laP47xOND6PMA6dwTcCupcTIW+9zCaxO6rHzvDSL9JU=";
};
nativeBuildInputs = [ cmake wrapGAppsHook ];
buildInputs = [ libX11 libzip glfw libpng ]
++ (with xorg; [ libXrandr libXinerama libXcursor libXi libXxf86vm ]);
++ (with xorg; [ libXrandr libXinerama libXcursor libXi libXxf86vm libXext ]);
dontWrapGApps = true; # We also need zenity (see below)
@ -53,6 +53,6 @@ stdenv.mkDerivation rec {
changelog = "https://github.com/Tom94/tev/releases/tag/v${version}";
license = licenses.bsd3;
platforms = platforms.unix;
maintainers = with maintainers; [ primeos ];
maintainers = with maintainers; [ ];
};
}

8
pkgs/applications/networking/mailreaders/aerc/default.nix
View file

@ -5,17 +5,17 @@
buildGoModule rec {
pname = "aerc";
version = "0.5.2";
version = "0.6.0";
src = fetchFromSourcehut {
owner = "~sircmpwn";
owner = "~rjarry";
repo = pname;
rev = version;
sha256 = "1ja639qry8h2d6y7qshf62ypkzs2rzady59p81scqh8nx0g9bils";
sha256 = "sha256-RaHigTp1YGkjQ46gFLhKcJuajekcCgfozu0ndCNq5Ac=";
};
runVend = true;
vendorSha256 = "9PXdUH0gu8PGaKlRJCUF15W1/LxA+sv3Pwl2UnjYxWY=";
vendorSha256 = "sha256-A2MZzTYzGuZLFENn9OBIBBreJan+b3RKOEu5bQcDwS8=";
doCheck = false;

6
pkgs/applications/version-management/git-and-tools/delta/default.nix
View file

@ -11,16 +11,16 @@
rustPlatform.buildRustPackage rec {
pname = "delta";
version = "0.10.2";
version = "0.10.3";
src = fetchFromGitHub {
owner = "dandavison";
repo = pname;
rev = version;
sha256 = "sha256-rQsicAUKlQYxA/DH8691jp6Pk97rer2X2CXUfXKHLDE=";
sha256 = "sha256-LABadIux5YId62+t8qXJvBTvB5Beu4u4D0HebNJibxY=";
};
cargoSha256 = "sha256-NjyiGr7mwsHlggMQEKcCvOCfGabRJDBdrYW8ohU02mk=";
cargoSha256 = "sha256-W2OBvVFCaykT/GRIUASsyNlkOk2Bp8yufoMXPX4oryA=";
nativeBuildInputs = [ installShellFiles ];

27
pkgs/build-support/docker/default.nix
View file

@ -5,6 +5,7 @@
, closureInfo
, coreutils
, e2fsprogs
, fakechroot
, fakeroot
, findutils
, go
@ -34,6 +35,10 @@
}:
let
inherit (lib)
optionals
optionalString
;
inherit (lib)
escapeShellArgs
@ -811,6 +816,10 @@ rec {
, # Optional bash script to run inside fakeroot environment.
# Could be used for changing ownership of files in customisation layer.
fakeRootCommands ? ""
, # Whether to run fakeRootCommands in fakechroot as well, so that they
# appear to run inside the image, but have access to the normal Nix store.
# Perhaps this could be enabled on by default on pkgs.stdenv.buildPlatform.isLinux
enableFakechroot ? false
, # We pick 100 to ensure there is plenty of room for extension. I
# believe the actual maximum is 128.
maxLayers ? 100
@ -842,16 +851,26 @@ rec {
name = "${baseName}-customisation-layer";
paths = contentsList;
inherit extraCommands fakeRootCommands;
nativeBuildInputs = [ fakeroot ];
nativeBuildInputs = [
fakeroot
] ++ optionals enableFakechroot [
fakechroot
# for chroot
coreutils
# fakechroot needs getopt, which is provided by util-linux
util-linux
];
postBuild = ''
mv $out old_out
(cd old_out; eval "$extraCommands" )
mkdir $out
fakeroot bash -c '
${optionalString enableFakechroot ''
export FAKECHROOT_EXCLUDE_PATH=/dev:/proc:/sys:${builtins.storeDir}:$out/layer.tar
''}
${optionalString enableFakechroot ''fakechroot chroot $PWD/old_out ''}fakeroot bash -c '
source $stdenv/setup
cd old_out
${optionalString (!enableFakechroot) ''cd old_out''}
eval "$fakeRootCommands"
tar \
--sort name \

14
pkgs/build-support/docker/examples.nix
View file

@ -562,6 +562,20 @@ rec {
# Example export of the bash image
exportBash = pkgs.dockerTools.exportImage { fromImage = bash; };
imageViaFakeChroot = pkgs.dockerTools.streamLayeredImage {
name = "image-via-fake-chroot";
tag = "latest";
config.Cmd = [ "hello" ];
enableFakechroot = true;
# Crucially, instead of a relative path, this creates /bin, which is
# intercepted by fakechroot.
# This functionality is not available on darwin as of 2021.
fakeRootCommands = ''
mkdir /bin
ln -s ${pkgs.hello}/bin/hello /bin/hello
'';
};
build-image-with-path = buildImage {
name = "build-image-with-path";
tag = "latest";

10
pkgs/desktops/gnome/extensions/extensionOverrides.nix
View file

@ -2,6 +2,7 @@
, ddcutil
, gjs
, xprop
, touchegg
}:
let
# Helper method to reduce redundancy
@ -47,4 +48,13 @@ super: lib.trivial.pipe super [
meta.maintainers = with lib.maintainers; [ rhoriguchi ];
}))
(patchExtension "x11gestures@joseexposito.github.io" (old: {
# Extension can't find Touchegg
# https://github.com/NixOS/nixpkgs/issues/137621
postPatch = ''
substituteInPlace "src/touchegg/ToucheggConfig.js" \
--replace "GLib.build_filenamev([GLib.DIR_SEPARATOR_S, 'usr', 'share', 'touchegg', 'touchegg.conf'])" "'${touchegg}/share/touchegg/touchegg.conf'"
'';
}))
]

1
pkgs/development/node-packages/node-packages.json
View file

@ -228,6 +228,7 @@
, "prettier"
, "prettier-plugin-toml"
, "prisma"
, "@prisma/language-server"
, "pscid"
, "pulp"
, "purescript-language-server"

900
pkgs/development/node-packages/node-packages.nix generated
View file

File diff suppressed because it is too large Load diff

6
pkgs/development/ruby-modules/gem-config/default.nix
View file

@ -676,11 +676,5 @@ in
zookeeper = attrs: {
buildInputs = lib.optionals stdenv.isDarwin [ cctools ];
dontBuild = false;
postPatch = ''
sed -i ext/extconf.rb -e "4a \
FileUtils.cp '${./zookeeper-ftbfs-with-gcc-8.patch}', 'patches/zkc-3.4.5-gcc-8.patch'
"
'';
};
}

11
pkgs/development/ruby-modules/gem-config/zookeeper-ftbfs-with-gcc-8.patch
View file

@ -1,11 +0,0 @@
--- zkc-3.4.5/c/src/zookeeper.c 2019-09-13 12:05:20.647034862 +0200
+++ zkc-3.4.5/c/src/zookeeper.c 2019-09-13 12:05:49.125360269 +0200
@@ -3418,7 +3418,7 @@
static const char* format_endpoint_info(const struct sockaddr_storage* ep)
{
- static char buf[128];
+ static char buf[128 + 6]; // include space for the port :xxxxxx
char addrstr[128];
void *inaddr;
#ifdef WIN32

27
pkgs/development/tools/database/clickhouse-backup/default.nix Normal file
View file

@ -0,0 +1,27 @@
{ buildGoModule, lib, fetchFromGitHub }:
buildGoModule rec {
pname = "clickhouse-backup";
version = "1.2.2";
src = fetchFromGitHub {
owner = "AlexAkulov";
repo = pname;
rev = "v${version}";
sha256 = "sha256-ThN1uvofIvV5Dt6dqxLpekTRy9pV4xb0bkVNRcfNJ2c=";
};
vendorSha256 = "sha256-OQGpWWerUv2asjpjMLAkgeb0Q+lMAsDXjFCh0I4ze20=";
postConfigure = ''
export CGO_ENABLED=0
'';
meta = with lib; {
homepage = "https://github.com/AlexAkulov/clickhouse-backup";
description = "Tool for easy ClickHouse backup and restore with cloud storages support";
license = licenses.mit;
maintainers = with maintainers; [ ma27 ];
platforms = platforms.linux;
};
}

4
pkgs/development/tools/pgformatter/default.nix
View file

@ -2,13 +2,13 @@
perlPackages.buildPerlPackage rec {
pname = "pgformatter";
version = "5.1";
version = "5.2";
src = fetchFromGitHub {
owner = "darold";
repo = "pgFormatter";
rev = "v${version}";
sha256 = "1a6rmph96s7c8lpmpkizcvdf0x4jlsr5iqi7qjprxqsf6zak2rfg";
sha256 = "sha256-NNdg3H+tB5ovKWGneOs496c0b2dv/zFYF4CZhuH07Fs=";
};
outputs = [ "out" ];

261
pkgs/os-specific/linux/sgx-sdk/default.nix
View file

@ -1,7 +1,6 @@
{ lib
, stdenv
, fetchpatch
, fetchurl
, fetchzip
, fetchFromGitHub
, callPackage
, autoconf
@ -9,69 +8,86 @@
, binutils
, cmake
, file
, gdb
, git
, libtool
, nasm
, ncurses
, ocaml
, ocamlPackages
, openssl
, perl
, python3
, texinfo
, which
, validatePkgConfig
, writeShellScript
, writeText
}:
with lib;
stdenv.mkDerivation rec {
pname = "sgx-sdk";
version = "2.14";
version = "2.14.100.2";
versionTag = concatStringsSep "." (take 2 (splitVersion version));
src = fetchFromGitHub {
owner = "intel";
repo = "linux-sgx";
rev = "0cea078f17a24fb807e706409972d77f7a958db9";
sha256 = "1cr2mkk459s270ng0yddgcryi0zc3dfmg9rmdrdh9mhy2mc1kx0g";
rev = "sgx_${versionTag}";
hash = "sha256-D/QZWBUe1gRbbjWnV10b7IPoM3utefAsOEKnQuasIrM=";
fetchSubmodules = true;
};
patches = [
(fetchpatch {
name = "replace-bin-cp-with-cp.patch";
url = "https://github.com/intel/linux-sgx/commit/e0db5291d46d1c124980719d63829d65f89cf2c7.patch";
sha256 = "0xwlpm1r4rl4anfhjkr6fgz0gcyhr0ng46fv8iw9hfsh891yqb7z";
})
(fetchpatch {
name = "sgx_ippcp.h.patch";
url = "https://github.com/intel/linux-sgx/commit/e5929083f8161a8e7404afc0577936003fbb9d0b.patch";
sha256 = "12bgs9rxlq82hn5prl9qz2r4mwypink8hzdz4cki4k4cmkw961f5";
})
];
postUnpack =
let
optlibName = "optimized_libs_${versionTag}.tar.gz";
optimizedLibs = fetchzip {
url = "https://download.01.org/intel-sgx/sgx-linux/${versionTag}/${optlibName}";
hash = "sha256-FjNhNV9+KDMvBYdWXZbua6qYOc3Z1/jtcF4j52TSxQY=";
stripRoot = false;
};
sgxIPPCryptoHeader = "${optimizedLibs}/external/ippcp_internal/inc/sgx_ippcp.h";
in
''
# Make sure this is the right version of linux-sgx
grep -q '"${version}"' "$src/common/inc/internal/se_version.h" \
|| (echo "Could not find expected version ${version} in linux-sgx source" >&2 && exit 1)
# Make sure we use the correct version to build IPP Crypto
grep -q 'optlib_name=${optlibName}' "$src/download_prebuilt.sh" \
|| (echo "Could not find expected optimized libs ${optlibName} in linux-sgx source" >&2 && exit 1)
# Add missing sgx_ippcp.h: https://github.com/intel/linux-sgx/pull/752
ln -s ${sgxIPPCryptoHeader} "$sourceRoot/external/ippcp_internal/inc/sgx_ippcp.h"
'';
postPatch = ''
patchShebangs ./linux/installer/bin/build-installpkg.sh \
./linux/installer/common/sdk/createTarball.sh \
./linux/installer/common/sdk/install.sh
# https://github.com/intel/linux-sgx/pull/730
substituteInPlace buildenv.mk --replace '/bin/cp' 'cp'
patchShebangs linux/installer/bin/build-installpkg.sh \
linux/installer/common/sdk/createTarball.sh \
linux/installer/common/sdk/install.sh
'';
dontConfigure = true;
# We need `cmake` as a build input but don't use it to kick off the build phase
dontUseCmakeConfigure = true;
# SDK built with stackprotector produces broken enclaves which crash at runtime.
# Disable all to be safe, SDK build configures compiler mitigations manually.
hardeningDisable = [ "all" ];
nativeBuildInputs = [
autoconf
automake
cmake
file
git
ocaml
ocamlPackages.ocamlbuild
perl
python3
texinfo
nasm
file
ncurses
autoconf
automake
validatePkgConfig
];
buildInputs = [
@ -84,75 +100,174 @@ stdenv.mkDerivation rec {
# Build external/ippcp_internal first. The Makefile is rewritten to make the
# build faster by splitting different versions of ipp-crypto builds and to
# avoid patching the Makefile for reproducibility issues.
buildPhase = let
ipp-crypto-no_mitigation = callPackage (import ./ipp-crypto.nix) {};
preBuild =
let
ipp-crypto-no_mitigation = callPackage ./ipp-crypto.nix { };
sgx-asm-pp = "python ${src}/build-scripts/sgx-asm-pp.py --assembler=nasm";
sgx-asm-pp = "python ${src}/build-scripts/sgx-asm-pp.py --assembler=nasm";
nasm-load = writeShellScript "nasm-load" "${sgx-asm-pp} --MITIGATION-CVE-2020-0551=LOAD $@";
ipp-crypto-cve_2020_0551_load = callPackage (import ./ipp-crypto.nix) {
extraCmakeFlags = [ "-DCMAKE_ASM_NASM_COMPILER=${nasm-load}" ];
};
nasm-load = writeShellScript "nasm-load" "${sgx-asm-pp} --MITIGATION-CVE-2020-0551=LOAD $@";
ipp-crypto-cve_2020_0551_load = callPackage ./ipp-crypto.nix {
extraCmakeFlags = [ "-DCMAKE_ASM_NASM_COMPILER=${nasm-load}" ];
};
nasm-cf = writeShellScript "nasm-cf" "${sgx-asm-pp} --MITIGATION-CVE-2020-0551=CF $@";
ipp-crypto-cve_2020_0551_cf = callPackage (import ./ipp-crypto.nix) {
extraCmakeFlags = [ "-DCMAKE_ASM_NASM_COMPILER=${nasm-cf}" ];
};
in ''
cd external/ippcp_internal
nasm-cf = writeShellScript "nasm-cf" "${sgx-asm-pp} --MITIGATION-CVE-2020-0551=CF $@";
ipp-crypto-cve_2020_0551_cf = callPackage ./ipp-crypto.nix {
extraCmakeFlags = [ "-DCMAKE_ASM_NASM_COMPILER=${nasm-cf}" ];
};
in
''
header "Setting up IPP crypto build artifacts"
mkdir -p lib/linux/intel64/no_mitigation
cp ${ipp-crypto-no_mitigation}/lib/intel64/libippcp.a lib/linux/intel64/no_mitigation
chmod a+w lib/linux/intel64/no_mitigation/libippcp.a
cp ${ipp-crypto-no_mitigation}/include/* ./inc
pushd 'external/ippcp_internal'
mkdir -p lib/linux/intel64/cve_2020_0551_load
cp ${ipp-crypto-cve_2020_0551_load}/lib/intel64/libippcp.a lib/linux/intel64/cve_2020_0551_load
chmod a+w lib/linux/intel64/cve_2020_0551_load/libippcp.a
install ${ipp-crypto-no_mitigation}/include/* inc/
mkdir -p lib/linux/intel64/cve_2020_0551_cf
cp ${ipp-crypto-cve_2020_0551_cf}/lib/intel64/libippcp.a lib/linux/intel64/cve_2020_0551_cf
chmod a+w lib/linux/intel64/cve_2020_0551_cf/libippcp.a
install -D -m a+rw ${ipp-crypto-no_mitigation}/lib/intel64/libippcp.a \
lib/linux/intel64/no_mitigation/libippcp.a
install -D -m a+rw ${ipp-crypto-cve_2020_0551_load}/lib/intel64/libippcp.a \
lib/linux/intel64/cve_2020_0551_load/libippcp.a
install -D -m a+rw ${ipp-crypto-cve_2020_0551_cf}/lib/intel64/libippcp.a \
lib/linux/intel64/cve_2020_0551_cf/libippcp.a
rm -f ./inc/ippcp.h
patch ${ipp-crypto-no_mitigation}/include/ippcp.h -i ./inc/ippcp20u3.patch -o ./inc/ippcp.h
rm inc/ippcp.h
patch ${ipp-crypto-no_mitigation}/include/ippcp.h -i inc/ippcp20u3.patch -o inc/ippcp.h
mkdir -p license
cp ${ipp-crypto-no_mitigation.src}/LICENSE ./license
install -D ${ipp-crypto-no_mitigation.src}/LICENSE license/LICENSE
# Build the SDK installation package.
cd ../..
popd
'';
# Nix patches make so that $(SHELL) defaults to "sh" instead of "/bin/sh".
# The build uses $(SHELL) as an argument to file -L which requires a path.
make SHELL=$SHELL sdk_install_pkg
buildFlags = [
"sdk_install_pkg"
];
runHook postBuild
'';
enableParallelBuilding = true;
postBuild = ''
patchShebangs ./linux/installer/bin/sgx_linux_x64_sdk_*.bin
patchShebangs linux/installer/bin/sgx_linux_x64_sdk_${version}.bin
'';
installPhase = ''
echo -e 'no\n'$out | ./linux/installer/bin/sgx_linux_x64_sdk_*.bin
runHook preInstall
installDir=$TMPDIR
./linux/installer/bin/sgx_linux_x64_sdk_${version}.bin -prefix $installDir
installDir=$installDir/sgxsdk
header "Move files created by installer"
mkdir -p $out/bin
pushd $out
mv $installDir/bin/sgx-gdb $out/bin
mkdir $out/bin/x64
for file in $installDir/bin/x64/*; do
mv $file bin/
ln -sr bin/$(basename $file) bin/x64/
done
rmdir $installDir/bin/{x64,}
# Move `lib64` to `lib` and symlink `lib64`
mv $installDir/lib64 lib
ln -s lib/ lib64
mv $installDir/include/ .
mkdir -p share/
mv $installDir/{SampleCode,licenses} share/
mkdir -p share/bin
mv $installDir/{environment,buildenv.mk} share/bin/
ln -s share/bin/{environment,buildenv.mk} .
# pkgconfig should go to lib/
mv $installDir/pkgconfig lib/
ln -s lib/pkgconfig/ .
# Also create the `sdk_libs` for compat. All the files
# link to libraries in `lib64/`, we shouldn't link the entire
# directory, however, as there seems to be some ambiguity between
# SDK and PSW libraries.
mkdir sdk_libs/
for file in $installDir/sdk_libs/*; do
ln -sr lib/$(basename $file) sdk_libs/
rm $file
done
rmdir $installDir/sdk_libs
# No uninstall script required
rm $installDir/uninstall.sh
# Create an `sgxsdk` symlink which points to `$out` for compat
ln -sr . sgxsdk
# Make sure we didn't forget any files
rmdir $installDir || (echo "Error: The directory $installDir still contains unhandled files: $(ls -A $installDir)" >&2 && exit 1)
popd
runHook postInstall
'';
dontFixup = true;
preFixup = ''
header "Strip sgxsdk prefix"
for path in "$out/share/bin/environment" "$out/bin/sgx-gdb"; do
substituteInPlace $path --replace "$TMPDIR/sgxsdk" "$out"
done
header "Fixing pkg-config files"
sed -i "s|prefix=.*|prefix=$out|g" $out/lib/pkgconfig/*.pc
header "Fixing SGX_SDK default in samples"
substituteInPlace $out/share/SampleCode/LocalAttestation/buildenv.mk \
--replace '/opt/intel/sgxsdk' "$out"
for file in $out/share/SampleCode/*/Makefile; do
substituteInPlace $file \
--replace '/opt/intel/sgxsdk' "$out" \
--replace '$(SGX_SDK)/buildenv.mk' "$out/share/bin/buildenv.mk"
done
header "Fixing BINUTILS_DIR in buildenv.mk"
substituteInPlace $out/share/bin/buildenv.mk \
--replace 'BINUTILS_DIR ?= /usr/local/bin' \
'BINUTILS_DIR ?= ${BINUTILS_DIR}'
header "Fixing GDB path in bin/sgx-gdb"
substituteInPlace $out/bin/sgx-gdb --replace '/usr/local/bin/gdb' '${gdb}/bin/gdb'
'';
doInstallCheck = true;
installCheckInputs = [ which ];
installCheckPhase = ''
source $out/sgxsdk/environment
cd SampleCode/SampleEnclave
make SGX_MODE=SGX_SIM
./app
runHook preInstallCheck
# Make sure all symlinks are valid
output=$(find "$out" -type l -exec test ! -e {} \; -print)
if [[ -n "$output" ]]; then
echo "Broken symlinks:"
echo "$output"
exit 1
fi
runHook postInstallCheck
'';
meta = with lib; {
setupHook = writeText "setup-hook.sh" ''
sgxsdk() {
export SGX_SDK=@out@
}
postHooks+=(sgxsdk)
'';
passthru.tests = callPackage ./samples.nix { };
meta = {
description = "Intel SGX SDK for Linux built with IPP Crypto Library";
homepage = "https://github.com/intel/linux-sgx";
maintainers = with maintainers; [ sbellem arturcygan ];
maintainers = with maintainers; [ sbellem arturcygan veehaitch ];
platforms = [ "x86_64-linux" ];
license = with licenses; [ bsd3 ];
};

2
pkgs/os-specific/linux/sgx-sdk/ipp-crypto.nix
View file

@ -4,7 +4,7 @@
, cmake
, python3
, nasm
, extraCmakeFlags ? []
, extraCmakeFlags ? [ ]
}:
stdenv.mkDerivation rec {

57
pkgs/os-specific/linux/sgx-sdk/samples.nix Normal file
View file

@ -0,0 +1,57 @@
{ stdenv
, sgx-sdk
, which
}:
let
buildSample = name: stdenv.mkDerivation rec {
inherit name;
src = sgx-sdk.out;
sourceRoot = "${sgx-sdk.name}/share/SampleCode/${name}";
buildInputs = [
sgx-sdk
];
enableParallelBuilding = true;
buildFlags = [
"SGX_MODE=SIM"
];
installPhase = ''
mkdir $out
install -m 755 app $out/app
install *.so $out/
'';
doInstallCheck = true;
installCheckInputs = [ which ];
installCheckPhase = ''
pushd $out
./app
popd
'';
};
in
{
cxx11SGXDemo = buildSample "Cxx11SGXDemo";
localAttestation = (buildSample "LocalAttestation").overrideAttrs (oldAttrs: {
installPhase = ''
mkdir $out
cp -r bin/. $out/
'';
});
powerTransition = (buildSample "PowerTransition").overrideAttrs (oldAttrs: {
# Requires interaction
doInstallCheck = false;
});
remoteAttestation = (buildSample "RemoteAttestation").overrideAttrs (oldAttrs: {
dontFixup = true;
installCheckPhase = ''
echo "a" | LD_LIBRARY_PATH=$LD_LIBRARY_PATH:$PWD/sample_libcrypto ./app
'';
});
sampleEnclave = buildSample "SampleEnclave";
sampleEnclavePCL = buildSample "SampleEnclavePCL";
sealUnseal = buildSample "SealUnseal";
switchless = buildSample "Switchless";
}

23
pkgs/servers/monitoring/grafana/default.nix
View file

@ -2,7 +2,7 @@
buildGo117Module rec {
pname = "grafana";
version = "8.2.5";
version = "8.3.0";
excludedPackages = "\\(alert_webhook_listener\\|clean-swagger\\|release_publisher\\|slow_proxy\\|slow_proxy_mac\\|macaron\\)";
@ -10,15 +10,15 @@ buildGo117Module rec {
rev = "v${version}";
owner = "grafana";
repo = "grafana";
sha256 = "sha256-Bi4z8HqKUeVOxbkKXazNIzFBFy7lW0T27ROVC6enrZE=";
sha256 = "sha256-I+jfWHkTm11qIm6CdDFOFHs/qR9pswbjAdfejkxZnrQ=";
};
srcStatic = fetchurl {
url = "https://dl.grafana.com/oss/release/grafana-${version}.linux-amd64.tar.gz";
sha256 = "sha256-ngQA8580rvH3C04TfuIsdiStbvk7/HRDDtS04gR92M4=";
sha256 = "sha256-o8uw9VRuK93IbZgcZmFmZ2zbgKdryGbeaPAlQr8wJXw=";
};
vendorSha256 = "sha256-adWWL2shdsp1hGxhYvxBbr1YFM89Ym1J0kBNGUrj6vc=";
vendorSha256 = "sha256-aS9yz0JODZtichaIkiBJLiMjbjGY93eSYwuactbRqOY=";
nativeBuildInputs = [ wire ];
@ -26,19 +26,14 @@ buildGo117Module rec {
# Generate DI code that's required to compile the package.
# From https://github.com/grafana/grafana/blob/v8.2.3/Makefile#L33-L35
wire gen -tags oss ./pkg/server
wire gen -tags oss ./pkg/cmd/grafana-cli/runner
# The testcase makes an API call against grafana.com:
#
# --- Expected
# +++ Actual
# @@ -1,4 +1,4 @@
# (map[string]interface {}) (len=2) {
# - (string) (len=5) "error": (string) (len=16) "plugin not found",
# - (string) (len=7) "message": (string) (len=16) "Plugin not found"
# + (string) (len=5) "error": (string) (len=171) "Failed to send request: Get \"https://grafana.com/api/plugins/repo/test\": dial tcp: lookup grafana.com on [::1]:53: read udp [::1]:48019->[::1]:53: read: connection refused",
# + (string) (len=7) "message": (string) (len=24) "Failed to install plugin"
# }
sed -i -e '/func TestPluginInstallAccess/a t.Skip();' pkg/tests/api/plugins/api_install_test.go
# [...]
# grafana> t=2021-12-02T14:24:58+0000 lvl=dbug msg="Failed to get latest.json repo from github.com" logger=update.checker error="Get \"https://raw.githubusercontent.com/grafana/grafana/main/latest.json\": dial tcp: lookup raw.githubusercontent.com on [::1]:53: read udp [::1]:36391->[::1]:53: read: connection refused"
# grafana> t=2021-12-02T14:24:58+0000 lvl=dbug msg="Failed to get plugins repo from grafana.com" logger=plugin.manager error="Get \"https://grafana.com/api/plugins/versioncheck?slugIn=&grafanaVersion=\": dial tcp: lookup grafana.com on [::1]:53: read udp [::1]:41796->[::1]:53: read: connection refused"
sed -i -e '/Request is not forbidden if from an admin/a t.Skip();' pkg/tests/api/plugins/api_plugins_test.go
# Skip a flaky test (https://github.com/NixOS/nixpkgs/pull/126928#issuecomment-861424128)
sed -i -e '/it should change folder successfully and return correct result/{N;s/$/\nt.Skip();/}'\

5
pkgs/servers/nextcloud/default.nix
View file

@ -54,6 +54,11 @@ in {
version = "22.2.3";
sha256 = "sha256-ZqKaakkHOMCr7bZ3y2jHyR+rqz5kGaPJnYtAaJnrlCo=";
};
nextcloud23 = generic {
version = "23.0.0";
sha256 = "sha256-w3WSq8O2XI/ShFkoGiT0FLh69S/IwuqXm+P5vnXQGiw=";
};
# tip: get she sha with:
# curl 'https://download.nextcloud.com/server/releases/nextcloud-${version}.tar.bz2.sha256'
}

6
pkgs/servers/piping-server-rust/default.nix
View file

@ -2,16 +2,16 @@
rustPlatform.buildRustPackage rec {
pname = "piping-server-rust";
version = "0.10.1";
version = "0.10.2";
src = fetchFromGitHub {
owner = "nwtgck";
repo = pname;
rev = "v${version}";
sha256 = "sha256-7L5YNpQXJQoB/VR/x1HtPfB0F/K0IWcJUb4/wE39Zp0=";
sha256 = "sha256-3EDUG9W4WzYk/bjUFIQ7Ho0KR6aMykhyTnWR/+VNxz8=";
};
cargoSha256 = "sha256-t7TJx12CBauWW+1EZ80ouDO4p+0R5jLMaGc/YaPnYRc=";
cargoSha256 = "sha256-8xUhYyjc4560PowCRwYeZMUJLhZFTHcMRLe/iQAwaWE=";
buildInputs = lib.optionals stdenv.isDarwin [ CoreServices Security ];

6
pkgs/servers/rtsp-simple-server/default.nix
View file

@ -5,16 +5,16 @@
buildGoModule rec {
pname = "rtsp-simple-server";
version = "0.17.3";
version = "0.17.8";
src = fetchFromGitHub {
owner = "aler9";
repo = pname;
rev = "v${version}";
sha256 = "sha256-9V6yblRnOAZBYuGChjeDyOTWjCCVhdFxljSndEr7GdY=";
hash = "sha256-wjF7XTiUw5lPSmNiHvqUz4ZswpzLBoYF9S25dL8VPMU=";
};
vendorSha256 = "sha256-lFyRMoI+frzAa7sL8wIzUgzJRrCQjt9Ri8T9pHIpoug=";
vendorSha256 = "sha256-rntfePkwNGnyPjIzjLJhBYLTcndHP605Ah/xPcM6sRo=";
# Tests need docker
doCheck = false;

4
pkgs/tools/misc/etcher/default.nix
View file

@ -5,7 +5,7 @@
, util-linux
, bash
, makeWrapper
, electron_12
, electron
}:
let
@ -23,8 +23,6 @@ let
"i686-linux" = "i386";
}."${system}" or throwSystem;
electron = electron_12;
in
stdenv.mkDerivation rec {

7
pkgs/tools/misc/lilo/default.nix
View file

@ -8,7 +8,12 @@ stdenv.mkDerivation rec {
hash = "sha256-4VjxneRWDJNevgUHwht5v/F2GLkjDYB2/oxf/5/b1bE=";
};
nativeBuildInputs = [ dev86 sharutils ];
DESTDIR = placeholder "out";
makeFlags = [
"DESTDIR=${placeholder "out"}"
"SBIN_DIR=/bin"
"USRSBIN_DIR=/bin"
"MAN_DIR=/share/man"
];
meta = with lib; {
homepage = "https://www.joonet.de/lilo/";

12
pkgs/tools/security/gospider/default.nix
View file

@ -1,20 +1,20 @@
{ buildGoModule
{ lib
, buildGoModule
, fetchFromGitHub
, lib
}:
buildGoModule rec {
pname = "gospider";
version = "1.1.5";
version = "1.1.6";
src = fetchFromGitHub {
owner = "jaeles-project";
repo = pname;
rev = version;
sha256 = "sha256-yfW94sQzT1u6O0s1sqpeANlukC5y8fNvHNL2c77+dxU=";
rev = "v${version}";
sha256 = "sha256-1EnKheHaS1kxw0cjxCahT3rUWBXiqxjKefrDBI2xIvY=";
};
vendorSha256 = "sha256-1aOw0lk+khcX9IETA0+wGx91BFXrJ79zYWhEI2JrhDU=";
vendorSha256 = "sha256-egjjSEZH8F6UMbnkz3xytIzdW/oITB3RL1ddxrmvSZM=";
# tests require internet access and API keys
doCheck = false;

18
pkgs/top-level/all-packages.nix
View file

@ -1480,7 +1480,7 @@ with pkgs;
bic = callPackage ../development/interpreters/bic { };
binance = callPackage ../applications/misc/binance {
electron = electron_12;
electron = electron_13;
};
bit = callPackage ../applications/version-management/git-and-tools/bit { };
@ -3489,7 +3489,7 @@ with pkgs;
pn = callPackage ../tools/text/pn { };
pocket-casts = callPackage ../applications/audio/pocket-casts {
electron = electron_12;
electron = electron_14;
};
poweralertd = callPackage ../tools/misc/poweralertd { };
@ -5028,7 +5028,9 @@ with pkgs;
escrotum = callPackage ../tools/graphics/escrotum { };
etcher = callPackage ../tools/misc/etcher { };
etcher = callPackage ../tools/misc/etcher {
electron = electron_14;
};
ethtool = callPackage ../tools/misc/ethtool { };
@ -7917,7 +7919,7 @@ with pkgs;
grocy = callPackage ../servers/grocy { };
inherit (callPackage ../servers/nextcloud {})
nextcloud20 nextcloud21 nextcloud22;
nextcloud20 nextcloud21 nextcloud22 nextcloud23;
nextcloud-client = libsForQt5.callPackage ../applications/networking/nextcloud-client { };
@ -10022,7 +10024,7 @@ with pkgs;
thc-ipv6 = callPackage ../tools/security/thc-ipv6 { };
thedesk = callPackage ../applications/misc/thedesk {
electron = electron_12;
electron = electron_14;
};
theharvester = callPackage ../tools/security/theharvester { };
@ -20655,6 +20657,8 @@ with pkgs;
clickhouse-cli = with python3Packages; toPythonApplication clickhouse-cli;
clickhouse-backup = callPackage ../development/tools/database/clickhouse-backup { };
couchdb3 = callPackage ../servers/http/couchdb/3.nix {
erlang = erlangR22;
};
@ -29142,7 +29146,7 @@ with pkgs;
weston = callPackage ../applications/window-managers/weston { pipewire = pipewire_0_2; };
whalebird = callPackage ../applications/misc/whalebird {
electron = electron_12;
electron = electron_14;
};
wio = callPackage ../applications/window-managers/wio { };
@ -31873,7 +31877,7 @@ with pkgs;
geogebra = callPackage ../applications/science/math/geogebra { };
geogebra6 = callPackage ../applications/science/math/geogebra/geogebra6.nix {
electron = electron_12;
electron = electron_14;
};
maxima = callPackage ../applications/science/math/maxima {